The present invention relates to computer system data storage. More particularly, this invention relates to a virtual data storage system that can be configured to provide multiple virtual data storage devices on a single physical data storage device, and to selectively isolate at least one virtual data storage device from the computer system.
A typical computer system generally includes one or more memory subsystems which are connected to one or more central processing units (“CPUs”) either directly or through a control unit and a communications channel. The function of these memory subsystems is to store data and programs which the CPU(s) use in performing particular data processing tasks. Modern computer systems also include systems in which a relatively large computer system is formed by networking together multiple smaller computer systems.
Many types of memory subsystems are used in a variety of combinations in current computer systems. These include random access memory (“RAM”), dynamic random access memory (“DRAM”), read-only memory (“ROM”), nonvolatile memory and large-capacity storage devices for storing large quantities of data. A typical large-capacity storage device subsystem may include one or more disk drives, tape drives and/or CD-ROMs connected to the computer system through appropriate control units. A serious problem arises, however, if a memory subsystem fails or is caused to fail such that data stored therein is destroyed, corrupted and/or no longer available to the system.
Such a failure could for example be caused by a computer virus, an illegal program instruction or the failure of all or part of a disk drive’s storage medium. Such failures typically cause the entire computer system to cease functioning (i.e., “crash”), and also compromise the security of all of the data stored within the computer system. These types of failures could for example destroy all stored data, the computer’s operating system and/or the operating system’s ability to initialize and restart (i.e., “boot”) the computer. Such data failures can take any number of forms, from the slow, subtle destruction of sensitive data to the instantaneous destruction of all data and software necessary to run or restart the computer system.
Computer system memory subsystems such as disk drives typically operate by communicating with the computer system’s CPU(s) either directly or indirectly through an appropriate control unit. Operating disk drives in this conventional fashion normally exposes the entire contents of the disk drive storage device to spurious commands and electronic signals for the entire time the computer system is operating. As a result, during this time all of the data stored in the disk drive is exposed to destruction or corruption.
Although attempts have been made in the prior art to protect memory subsystems from unwanted corruption or destruction, none of these solutions has succeeded in providing the level of protection necessary to eliminate such risks in the case of events such as infiltration by a computer virus. In the case of disk drive storage systems in particular, none of the prior art solutions provide sufficient protection against corruption of data stored therein. This is because prior art systems do not sufficiently restrict the computer system’s access to only those portions of the disk drive containing data necessary for operation of the computer system by the current user or users.
For example, U.S. Pat. Nos. 5,586,301 and 5,657,470 disclose personal computer hard disk protection systems which partition hard disk drives into multiple zones, each having restricted user and application program access. U.S. Pat. No. 5,129,088 discloses a mechanism for dynamically reconfiguring such partitions based on the computer system’s changing requirements. U.S. Pat. No. 5,829,053 discloses a more efficient mechanism for managing the partitioning code data which is used to control such a partitioning scheme. In addition, U.S. Pat. No. 5,519,844 discloses a RAID (Redundant Array of Inexpensive Disks) disk drive architecture for providing redundant disk drive copies of data so that, in the event that one copy is irreparably corrupted or destroyed, another undamaged copy of the data nevertheless can be retrieved. None of these protection systems, however, prevents a computer system and its operating system from accessing or communicating with certain portions of a disk drive system in the event that program data is corrupted, such as in the event of infiltration by a computer virus for example. In the event of such an infiltration, all data stored in the disk drive system could be corrupted or destroyed.
Therefore, a need has arisen for a system which will protect certain desired portions of data stored in a computer memory subsystem from spurious commands and electronic signals while the computer system is operating, thereby protecting such stored data from possible undesired destruction or corruption. The need has also arisen in particular for a system which provides such protection to a disk drive storage system, and which restricts the computer system to communicating with only those portions of data necessary for operation of the computer system by the current user or users.
It is an object of the present invention to provide a Virtual Data Storage (“VDS”) System for computer memory systems which substantially eliminates or reduces the disadvantages and problems associated with the corruption and destruction of data in prior computer memory systems.
The VDS System of the present invention provides multiple virtual data storage devices for use in a computer system which contains a central processing unit (“CPU”). The VDS System includes a memory system for storing information and a VDS Controller which is in communication with the memory system and the CPU. The VDS Controller partitions the memory system into multiple virtual data storage devices, and then restricts the computer system from communicating with certain of these virtual data storage devices. The VDS Controller thus selectively isolates at least one of the virtual data storage devices from communicating with the computer system, in order to prevent corruption of information stored in at least one virtual data storage device.
In a preferred embodiment of the invention, the VDS controller provides multiple virtual data storage devices for use in a computer system which contains multiple smaller computer systems and/or computer system components and/or multiple CPUs.
In another aspect of the invention, the VDS controller can be configured to select the quantity and size of the multiple virtual data storage devices, as well as the virtual data storage devices which are selectively isolated from communication with the computer system. In a preferred embodiment, the computer system engages in an initialization boot sequence followed by a period of normal operation. In this embodiment, the VDS Controller is configured during the computer system’s initialization boot sequence, and the VDS Controller selectively isolates the selected virtual data storage devices from communication with the computer system during the computer system’s period of normal operation. In yet another preferred embodiment, the computer system has multiple users, one or more of which configures the VDS Controller. In another preferred embodiment, the virtual data storage devices which are selectively isolated from communication with the computer system are determined according to the user(s) operating the computer system during the computer system’s period of normal operation. In yet another preferred embodiment, the computer system engages in the initialization boot sequence when electrical power is applied to the computer system or when the computer system is reset.
In yet another aspect of the invention, the VDS Controller is configured using a stored initialization and configuration routine and stored configuration data, which the computer system can access only during the initialization boot sequence. In a preferred embodiment, the initialization and configuration routine and the configuration data are stored in the computer system’s memory system.
In another aspect of the invention, the computer system used in connection with the invention is a personal computer (“PC”) system, and the initialization boot sequence is a BIOS sequence. In yet another aspect of the invention, the BIOS sequence invokes the stored initialization and configuration routine for configuring the VDS controller.
In a preferred embodiment, the memory system is a disk drive storage system and the virtual data storage devices are virtual disk drives. In yet another preferred embodiment, the disk drive storage system includes multiple disk drive storage units. In yet another preferred embodiment, the VDS Controller is configured so that only one virtual data storage device can communicate with the computer system. In still another preferred embodiment, the VDS Controller is configured so that more than one virtual data storage device can communicate with the computer system.
The present invention also provides a method for providing multiple virtual data storage devices for use in a computer system which has a memory system for storing information. This method includes partitioning the memory system into multiple virtual data storage devices, and then restricting communication by the computer system to communication with only certain of the virtual data storage devices. The method of the invention thus selectively isolates at least one virtual data storage device from communication with the computer system, in order to prevent corruption of information stored in at least one virtual data storage device.
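The isolation behaviour described above (partition at boot, lock the visible set for the period of normal operation, reopen configuration only on reset, and select the visible devices per user) as a toy software model; this is an added example, not the patent's own design or code, and the device names, layout and block counts are constructed.

```python
# Toy model of the VDS Controller summarized above (constructed example, not the patent's code).

class VDSError(Exception):
    pass

class VDSController:
    """One physical store carved into virtual devices; after boot, I/O outside the visible set is refused."""

    def __init__(self, physical_blocks):
        self.store = bytearray(physical_blocks)  # one byte per block: toy medium
        self.devices = {}                        # name -> (start_block, size)
        self.visible = set()                     # devices the host may talk to
        self.booting = True                      # power-on or reset starts here

    def boot(self, layout, visible):
        """Stored configuration routine; returns False outside the boot sequence."""
        if not self.booting:
            return False
        offset, devices = 0, {}
        for name, size in layout:
            if offset + size > len(self.store):
                raise VDSError("layout exceeds the physical device")
            devices[name] = (offset, size)
            offset += size
        if not set(visible) <= set(devices):
            raise VDSError("visible set names an unknown virtual device")
        self.devices, self.visible = devices, set(visible)
        self.booting = False                     # normal operation: isolation locked
        return True

    def reset(self):
        self.booting = True                      # only a reset reopens configuration

    def _locate(self, name, block):
        if name not in self.visible:             # isolated device: command refused
            return None
        start, size = self.devices[name]
        return start + block if 0 <= block < size else None

    def write(self, name, block, value):
        phys = self._locate(name, block)         # False means the controller refused
        if phys is None:
            return False
        self.store[phys] = value
        return True

    def read(self, name, block):
        phys = self._locate(name, block)         # None means the controller refused
        return None if phys is None else self.store[phys]
```

A stray write to an isolated device, a write past a virtual device's boundary, and an attempt to reconfigure after boot are all refused; only a reset followed by a new boot with a different user's visible set changes what the host can reach.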
The details of the preferred embodiment of the present invention are set forth in the accompanying drawings and the description below. Once the details of the invention are known, numerous additional innovations and changes will become obvious to one skilled in the art.